You could try having Snort listen for something from x.x.x.x to y.y.y.y, then write an alert to a log file only used by this rule. Have logwatch or some custom script check that log every second, then rewrite the packet, swapping the source and destination in the header, with an IP spoofing tool such as hunt.
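The log-checking step of this suggestion, as an added example that is not part of the original post: a poller that reads only the complete lines appended to the rule's dedicated alert file since the last check and extracts the endpoints. It assumes the file is written in Snort 2's `alert_fast` layout; the function names are hypothetical and the sample lines are constructed, using documentation addresses in place of x.x.x.x and y.y.y.y.

```python
import re

# Assumed layout: Snort 2 "alert_fast" output; ports are absent for ICMP.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (not captured traffic).
SAMPLE = (
    "08/28-12:34:56.789012  [**] [1:1000001:1] watched pair [**] [Priority: 0] {TCP} 192.0.2.10:40122 -> 198.51.100.20:80\n"
    "08/28-12:34:57.000100  [**] [1:1000001:1] watched pair [**] [Priority: 0] {ICMP} 192.0.2.10 -> 198.51.100.20\n"
)

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    m = ALERT_RE.match(line)
    return m.groupdict() if m else None

def read_new_alerts(path, offset=0):
    """Return (alerts, new_offset) for complete lines appended since offset."""
    alerts = []
    with open(path, "rb") as fh:
        fh.seek(0, 2)
        if fh.tell() < offset:           # file was truncated or rotated
            offset = 0
        fh.seek(offset)
        while True:
            raw = fh.readline()
            if not raw.endswith(b"\n"):  # EOF, or a line Snort is still writing
                break
            offset = fh.tell()           # advance only past complete lines
            alert = parse_alert(raw.decode("utf-8", "replace").rstrip("\r\n"))
            if alert:
                alerts.append(alert)
    return alerts, offset

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as tmp:
        tmp.write(SAMPLE)
    for a in read_new_alerts(tmp.name)[0]:
        print(a["ts"], a["proto"], a["src"], "->", a["dst"], "sid", a["sid"])
```

Call `read_new_alerts` once per second, passing back the offset it returned, so each alert is handled exactly once even when a poll lands mid-write.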